Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS CVE-2024-28182 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

ALSA-2024:4252 Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS CVE-2024-28182 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

CVE-2024-36387

A flaw was found in the Apache HTTP Server. Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process. Mitigation Mitigation for this issue is either not available or the currently available options do not me...

Security Bulletin: Denial of service and password enumeration might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION:...

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVE-2024-36387

CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387 Low. Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Proxy encoding problem...

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 wh...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for June 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request, ...

IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.4 CD (7158057)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7158057 advisory. - Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cau...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

Summary IBM HTTP Server powered by Apache used by IBM i is vulnerable to a denial of service attack due to no limit of continuation fames in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in t...

MAL-2024-3804 Malicious code in use-http-2 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in use-http-2 (npm)

--- -= Per source details. Do not edit below this line.=-...